Iowa Becomes Sixth State To Pass An Internet Privacy Law
from the we'll-just-do-it-ourselves dept
While there’s a lot of talk about how getting privacy legislation right is hard (it is), or that doing it wrong could pose many problems (it could), that should never derail attention from the real reason the U.S. has no federal privacy law in 2023: Congress is blisteringly, comically corrupt. And with numerous, deep-pocketed industries lobbying it in unison, quality federal privacy law never had a chance.
The end result is pretty obvious: just an endless parade of hacks, breaches, scandals, and other misadventures in which extremely sensitive U.S. consumer data is over-collected, secured poorly, and routinely abused. An environment in which companies and execs face fleetingly inconsistent accountability, if they see any accountability at all.
And as a consumer all you get for your trouble is another round of useless “free credit reporting” from companies that are also routinely sloppy with consumer data.
In response to federal corruption, dysfunction, and apathy, states have filled the vacuum with their own privacy laws of varying quality. This week Iowa became the sixth state to pass its own privacy law (S.F. 262), on the heels of similar pushes in California, Virginia, Utah, Connecticut and Colorado. As it currently stands, Iowa’s law most closely relates to Utah’s SB 277.
There’s a few differences from other state efforts, such as in the way Iowa consumers need to opt out of the most sensitive types of data collection (financial, mental health, etc.):
Iowa’s framework differs, however, from a few others since it requires covered entities to provide a clear notice of data usage and opt-out option for sensitive data — which it defines as racial or ethnic origin, religious beliefs, mental or physical diagnosis, sexual orientation, citizenship or immigration status. Colorado, Connecticut and Virginia have opt-in requirements.
Of course passing laws is one challenge. Having state AGs actually enforce them at any real scale is another matter. Especially given the increasingly industry-friendly court system and the unlimited budgets of corporate legal and lobbying coalitions. Still, the alternative is waiting for Congress to function.
While corporations and some partisans will lament how states are creating a “discordant collection of patchwork legislation” (they’re right!), this is a problem directly created by U.S. industry itself, which has lobbied relentlessly against any federal privacy law. When they do support federal privacy laws, they’re usually ghost written by the lawyers of the biggest corporations and so full of loopholes as to be useless.
U.S. failures on privacy mirror countless other efforts at reform that can’t move forward due to congressional corruption. Particularly in the realm of consumer protection (see: telecom), where states are also having to cobble together imperfect solutions to problems the federal government could have tackled decades ago were we interested in lobbying and campaign finance reform (we’re not).
But for every state that at least pretends to care about consumer privacy and consumer protection, there are two or three states in which protecting consumers from consolidated corporate power is a non-starter, leaving millions of U.S. consumers shit out of luck. As authoritarians and self-serving partisans assault the regulatory state and court system, this all gets worse without a meaningful sea change.
Filed Under: consumer privacy, consumer protection, data breaches, hacking, privacy, privacy law
Comments on “Iowa Becomes Sixth State To Pass An Internet Privacy Law”
Did you know that IOWA is actually an acronym?
It stands for “Idiots Out Walking Around”.
Go there, and you will see them.
Somehow they were selected to choose who we get to vote for, and look where we are…
Re:
Nope, we don’t choose who is elected. Biden finished fourth place in the caucus here but he did finish first in South Carolina primaries. Conveniently, South Carolina was chosen to now vote first. Wonder why that happened?
A start
If our legislators are truly interested in protecting our data from China, time to stop blathering on and get behind real data reform for the entire US.
Re:
I have way less concern of China getting our information than say, the local government.
To me, China is the “squirrel” of this whole argument. It’s just a distraction of what’s really going on.
Well look at this...
Congress wants to pass this wonderful bill to take care of the matter once and for all. /s
https://www.eff.org/deeplinks/2023/04/broad-vague-restrict-act-dangerous-substitute-comprehensive-data-privacy
Opt OUT? No, Opt IN!
All issues related to privacy should be on an opt IN basis. The default should not be that they get to look at everything unless you go to the hassle of opting out on every single web site, app, etc, that you visit.
But then they wouldn’t be able to hoover up as much data so it’ll never happen.
If there is way I could set up my phone & computer to automatically opt out of all data collection I would really like to find it.
Re:
The great part is that you can submit all your info to a service that will opt out of everything for you!
Nothing could ever go wrong with that!
Re: Re: Re:
Sure, go to said service, give them my name + plus all versions of my name that might be used somewhere, address + all previous addresses, date of birth, SSN, all phone numbers, employers, blah, blah, blah; and they’ll make sure I never get contacted. More like then I’ll be flooded with spam and will never get away from it. Plus have my identity stolen and sold around the world.
No, I want a simple setting in my system that says, DO NOT TRACK, DO NOT USE COOKIES. Every website has a different approach to this and it usually involves going to a different page to say I don’t want you to do this. A very few enlightened sites ask yes or no on their front page and the answer to that is the end of it. I don’t need to go to a different page and check off dozens of different trackers that I want to avoid. As if I would want to avoid all of them except for a short list of trackers that I think are acceptable? BS!
Retards forget the First Amendment
What part of the Supreme Court’s decisions are people not getting?
There are no content based exceptions to the first amendment that are outside of those that were in existence when the first amendment was created.
Insofar that you can pretend that calling something “privacy” does not make it into the exception of the first amendment, because the traditional tort of privacy did not include information that you willingly give to third parties.
The justification of these privacy laws, could be justified as “speech integral to criminal conduct” (i.e. fraud) where it involves credit card and social security numbers. However what is really meant by privacy, is “how dare people know what sorts of things I like / look at”, which is not within a “compelling government interest” i.e. stopping crime.
The Money-Go-Round
If I wanted to make sure that everyone who ‘needed’ to use the internet had to first identify themselves fully, so that me and my corporate buddies could send them a shitload of targeted ads and sell their personal web-history to other companies and the Guv, I’d want my other buddies in the Guv to make damn sure there was absolutely no on-line or email security of any useful kind available in the country.
Then I’d have those Guv dudes scream “Protect the Children” continuously and convince the generally sleeping public that the people who use the internet needed to ID themselves to Protect The Children.
Then, for a cut of the take, my Guv Buds could write up some nifty news laws that will ‘legally’ force full identification on the millions of internet addicts, to “protect the children” and the generally ignorant public will remain utterly ignorant of the ruse for at least another decade of sweet, sweet profit for me and my buds.
As long as
As long as no law prohibits the wilful sharing then it’s always good to set protections.